Esther Payne

https://lca2020.linux.org.au/schedule/presentation/59/

In 1996 Brian E. Carpenter of IAB and Fred Baker of IETF wrote a co-statement on cryptographic technology and the internet. This RFC wasn't a request for a technical standard, it was a statement on their concerns about Governments trying to restrict or interfere with cryptography. They felt that there was a need to offer "All Internet Users an adequate degree of privacy"

Since that time successive governments around the world have sought to build back doors into encrypted apps and services to access more citizen and visitor data. As of July 2019, the AG of the United States William Barr stated: "Some argue that, to achieve at best a slight incremental improvement in security, it is worth imposing a massive cost on society in the form of degraded safety,” i.e For security Americans should accept weakened encryption. The head of the FBI also claimed that weakened encryption wouldn't break it.

In Australia the metadata retention laws have been abused against journalists with 58 searches carried out by the AFP. In 2015 ACT police carried out 115 metadata searches. UK officials have a cavalier attitude to the EU SIS database which tracks undocumented migrants, missing people, stolen cars, or suspected criminals.

IETF Session 105 mentioned privacy and concerns with the mass collection of data. While the IAB and IESG were worried about US export controls on cryptography there is an argument for RFC 1984 to be updated to include the unnecessary mass collection of data and to use it as a term for IT professionals, privacy advocates and the public to rally behind.

In this talk let's recount a brief history of governments around the world wanting to weaken encryption as RFC 1984 warned us about.

We live in a time where citizens put data into commercial, healthcare and Government systems to access services, some services are only accessible online. From CCTV to Facebook people have little understanding of why mass collection of data is dangerous. There is little scrutiny of who can access that data, from Scotland to the US.

Open Surveillance is only a small part of the picture when profiling citizens. It still counts as personal data, when combined with metadata and the actual data that people put into social media and services like ancestor DNA test kits. Businesses who use CCTV have to put up signs to warn the public they are recording. So called anonymized data still contains identifiers that can tie to individuals.

Let's talk about Ovid and peacocks. Let's explore how to expand the RFC to cover recent developments in surveillance capitalism with governments accessing that data, but not securing it. We need to make it clear weakened encryption, the mass collection and careless retention of data isn't acceptable. We need to update and implement RFC 1984.

linux.conf.au is a conference about the Linux operating system, and all aspects of the thriving ecosystem of Free and Open Source Software that has grown up around it. Run since 1999, in a different Australian or New Zealand city each year, by a team of local volunteers, LCA invites more than 500 people to learn from the people who shape the future of Open Source. For more information on the conference see https://linux.conf.au/

Produced by NDV: https://youtube.com/channel/UCQ7dFBzZGlBvtU2hCecsBBg?sub_confirmation=1

#linux.conf.au #linux #foss #opensource

Fri Jan 17 11:40:00 2020 at Room 5

plus-circle Add Review

comment

Reviews